Five Tips to Deflect a Ransomware Attack
Originally posted on https://www.astutetm.com/2019/10/five-tips-to-deflect-a-ransomware-attack/
Type “Ransomware” into your search bar any day, any time, any week and you are guaranteed to be presented with at least three top stories, posted within hours, about the most recent ransomware attack in the U.S. and worldwide.
Ransomware is malicious software designed to lock computers or data storage until a ransom is paid – keyword malicious. The cyber-criminals who write the code for these attacks mean business, to the tune of millions of dollars lost annually. The 2019 Beazley Breach Briefing shows that small to medium-sized businesses are at higher risk of being hit by ransomware because they spend less on information security. Here are five tips that could help deflect a ransomware attack on your small to medium-sized business.
Tip #1. Create a human firewall.
Humans are the weakest link in any network. All staff, including IT and security administrators, should receive cyber security training at least annually. Mandating good password hygiene, executing simulated phishing, instituting multi-factor authentication organization-wide and keeping employees informed of the risks of poor security habits are essential in keeping SMBs ransomware-free.
According to a recent CompTIA cyber security report, human error is the root cause of 52% of all security breaches. Why? Increased use of social media at work, for one. Who hasn’t logged onto Facebook or Instagram at the office? Secondly, a failure of staff to understand new threats is a big reason people cause security breaches. This is completely understandable since cyber security probably isn’t high on the list of fun or easy free time reading. A general negligence and lack of security expertise with websites and applications can also mean a breach is imminent for many businesses. Hackers have become so good at feigning legitimacy it can take an expert to spot a fake. Failure of internal IT staff to follow security procedures and policies is also, unfortunately, a reason many businesses fall victim to ransomware. The drought in qualified and experienced IT personnel in many regions has led to businesses being forced to employ IT staff who lack the cyber security training necessary to thwart ransomware attacks. SMBs must embrace security, and the leaders in these organizations need to present security as a culture of essential compliance.
Tip #2. Use advanced email protection.
According to the 2019 Verizon Data Breach Analysis, over 90% of malware is delivered via email. This makes implementing a strong email protection system the single most impactful technical decision an SMB can make. And not all email protection services are created equal. Choose a service with AI-based filtering, link rewriting and file/link detonation (or sandboxing).
With most businesses utilizing email as their primary form of communication and the fact that 47% of all ransomware attacks are Business Email Compromises, SMBs simply can’t afford to lowball their perimeter.
Tip #3. Implement a backup and recovery plan and test it at least annually.
Hackers are extremely adept at altering their attack methods to combat antimalware controls. It isn’t really a question of if your business will be attacked, it’s when (and it’s already happened). And just like in the movies where the person being held ransom is dead before the ransom ever gets paid, hackers may or may not decrypt your data even after you’ve paid the ransom. According to the 2019 CyberEdge Cyberthreat Defense Report, only three in five ransom payers successfully recovered their data after the attack. It is essential that SMBs entrust their backup to a reliable in-house or MSP provider and test the recovery method.
With ransomware attacks against businesses increasing by 363% year-over-year, creating a backup and recovery plan needs to happen yesterday. SMBs should practice or check with their MSP to see if they will orchestrate taking the entire network down to simulate a disaster. The process will enable in-house technicians and MSPs to create a strategic and reproducible recovery plan. The tested recovery plan will prove invaluable and likely stress-reducing during an actual event.
Tip #4. Don’t use administrative accounts.
At least not for day-to-day operations. Any user who needs an administrative level account should have a separate account created. For normal day-to-day functions the user should log in with the standard user account. Typically, standard user accounts can’t install software or access critical file systems. This means malware installed under a standard account can’t make damaging changes to major files or the network in its entirety.
Users should make it standard practice to only use the administrative account when requested to elevate permissions. Since admin accounts have absolute permission to do things on a machine and network, the security risks that ride along with admin accounts are too high to use liberally.
Tip #5. Secure system administration tools.
Don’t give everyone access to everything. Access controls like file, directory and network share permissions should be configured with least privilege in mind. No user should be assigned administrative access unless necessary, regardless of title. In reality, few (if any) network users need access to all network resources (such as file shares). Providing access due to title alone can create an unnecessarily large attack surface. These users are typically the most publicly well-known and are more likely to be the targets of an attack. This practice will help ensure only a very small number of users could shut down the entire organization if targeted.
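A least-privilege review of share permissions can be scripted, as in this added example that is not part of the original post. The permission export, group membership, account names and the 50% reach threshold are all constructed assumptions; it flags grants to broad groups and users who can modify more than the threshold share of all file shares.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export of share permissions: share, principal, right.
ACL_CSV = """share,principal,right
Finance,FinanceTeam,Change
Finance,ceo,Full
HR,HRTeam,Change
HR,ceo,Full
Engineering,Engineers,Change
Engineering,ceo,Full
Public,Everyone,Change
Public,Engineers,Read
"""
# Constructed group membership for the sample.
GROUPS = {"FinanceTeam": {"alice"}, "HRTeam": {"bob"},
          "Engineers": {"carol", "dave"}}
WRITE_RIGHTS = {"Change", "Full"}   # rights that let ransomware encrypt files
BROAD = {"Everyone", "Authenticated Users", "Domain Users"}

def audit(acl_csv, groups, max_fraction=0.5):
    """Return broad-group grants and users whose write reach exceeds max_fraction."""
    rows = list(csv.DictReader(io.StringIO(acl_csv)))
    shares = {r["share"] for r in rows}
    # Principals that are neither a known group nor a broad group are users.
    direct = {r["principal"] for r in rows} - set(groups) - BROAD
    users = direct.union(*groups.values())
    broad, writable = [], defaultdict(set)
    for r in rows:
        who = r["principal"]
        if who in BROAD:
            broad.append((r["share"], who, r["right"]))
            members = users            # a broad grant reaches every user
        else:
            members = groups.get(who, {who})
        if r["right"] in WRITE_RIGHTS:
            for user in members:
                writable[user].add(r["share"])
    over_reach = {u: sorted(s) for u, s in sorted(writable.items())
                  if len(s) / len(shares) > max_fraction}
    return {"broad_grants": broad, "over_reach": over_reach}

if __name__ == "__main__":
    print(audit(ACL_CSV, GROUPS))
```

In the sample, the only account with write access to every share is the one granted access by title, which is the pattern the tip warns about.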
In-house IT and MSPs should monitor systems and networks for communications to hacker servers. They should patch and update operating systems, software and other applications with efficiency and regularity so hackers can’t access security gaps.
Ransomware isn’t going away.
The percentage of organizations affected by successful ransomware attacks has increased to 56% in the last year. Of those affected, the percentage electing to pay the ransom has risen considerably. Other global trends like a worsening IT skills shortage, the ever-growing Internet of Things and inadequate IT budgets translate into big profits for hackers. SMBs should be aware of these trends and embrace the solutions to them to ensure their organization stays profitable. All too often the “That won’t happen to me” mentality overrides statistical data.
Partnering with an experienced MSP like Astute Technology Management can ensure your business’s staff and network are a formidable opponent to ransomware. It also means your data is secure and recoverable in the event an attack is successful. Serving Columbus, Ohio and Cincinnati, Ohio since 1998, with industry-leading partnerships in the cybersecurity industry, means your SMB will stay up and running day in and day out!